Enterasys Networks 9034310-01, 2G4082-25 Secure Networks Policy Support, Standards Compatibility

Page 21

Secure Networks Policy Support

Secure Networks Policy Support

A fundamental concept that is key to the implementation of the Enterasys Secure Networks methodology is policy‐enabled networking. This approach provides users of the network with the resources they need ‐ in a secure fashion – while at the same time denying access to applications or protocols that are deemed inappropriate based on the user’s function within the organization. By adopting such a “user‐personalized” model, it is possible for business policies to be the guidelines in establishing the technology architecture of the enterprise. Two major objectives are achieved in this way: IT services are matched appropriately with individual users; and the network itself becomes an active participant in the organization’s security strategy. The Secure Networks architecture consists of three tiers:

Classification rules make up the first or bottom tier. The rules apply to devices in the Secure Networks environment, such as switches and routers. The rules are designed to be implemented at or near the user’s point of entry to the network. Rules may be written based on criteria defined in the Layer 2, Layer 3 or Layer 4 information of the data frame.

The middle tier is Services, which are collections of individual classification rules, grouped logically to either permit or deny access to protocols or applications based on the user’s role within the organization. Priority and bandwidth rate limiting may also be defined in services.

Roles, or behavioral profiles, make up the top tier. The roles assign services to various business functions or departments, such as executive, sales, and engineering.

To enhance security and deliver a true policy‐based infrastructure, the Enterasys Secure Networks methodology can take advantage of authentication methods, such as 802.1X, using EAP‐TLS, EAP‐ TTLS, or PEAP, as well as other types of authentication. Authorization information, attached to the authentication response, determines the application of policy. Authorization information is communicated via the policy name in a RADIUS Filter‐ID attribute. An administrator can also define a role to be implemented in the absence of an authentication framework. Refer to the release notes shipped with the module for details.

Standards Compatibility

The DFE modules are fully compliant with the IEEE 802.3‐2002, 802.3ae‐2002, 802.1D‐1998, and 802.1Q‐1998 standards. The DFE module provides IEEE 802.1D‐1998 Spanning Tree Algorithm (STA) support to enhance the overall reliability of the network and protect against “loop” conditions.

LANVIEW Diagnostic LEDs

LANVIEW diagnostic LEDs serve as an important troubleshooting aid by providing an easy way to observe the status of individual ports and overall network operations.

Matrix DFE-Platinum Series Installation Guide 1-5

Page 20 Page 22
Image 21
Page 20 Page 22
Contents
Enterasys Matrix Page Page Regulatory Compliance Information Electromagnetic Compatibility EMC Supplement to Product Instructions Vcci Notice Enterasys NETWORKS, INC. Firmware License Agreement Vii Viii Contents Appendix a Specifications IndexTables About This Guide Who Should Use This GuideImportant Notice Related Documents How to Use This GuideGetting Help Conventions Used in This GuideGetting Help Overview of DFE Series Capabilities Introduction2G4082-25 DFE-Platinum ModuleDFE Switch Configuration Using CLI Commands Switch Configuration Using WebViewNetwork Expansion Module NEM Option ConnectivityLanview Diagnostic LEDs Secure Networks Policy SupportStandards Compatibility Lanview Diagnostic LEDs Introduction Link Aggregation Network Requirements100BASE-TX Network 10BASE-T Network1000BASE-T Network 1000BASE-SX/LX/ELX NetworkInstallation Installing Optional Network Expansion Modules Installing Module into Matrix E7 or N7 ChassisUnpacking the DFE-Platinum Module Preparation InstallationCard guides Installing Module into Matrix N1, N3, or N5 Chassis Connecting UTP Cables Connecting to the NetworkConnecting a Twisted Pair Segment to the DFE-Platinum Module RX+ TX1+ RX1 TX2+ TX3+ RX3 RX2 TX4+ RX4 Connecting to COM Port for Local Management What Is NeededConnecting to an IBM PC or Compatible Device Connecting an IBM PC or Compatible Connecting to a VT Series TerminalConnecting a VT Series Terminal Connecting to a ModemDB9 Adapter Wiring and Signal AssignmentsModem Port Adapter Wiring and Signal Diagram First-Time Log-In Using a Console Port Connection Completing the Installation of a New System11 Matrix DFE Startup Screen Example N7 Chassis Logging in with an Administratively-Configured User AccountUsing Lanview TroubleshootingAbout the Management Mgmt LED Viewing the Receive and Transmit ActivityLED Alternating 67% on, 33% off Series Configuration Guide for proper setup Troubleshooting ChecklistOverview of DFE-Platinum Module Shutdown Procedure Recommended Shutdown Procedure DFE-Platinum Module Specifications SpecificationsRegulatory Compliance COM Port Pinout AssignmentsMode Switch Bank Settings Optional Installations Setting the Mode SwitchesRequired Tools Figure B-1 Mode Switch Location on 2G4082-25 Memory Locations and Replacement ProceduresFlash Dimm Replacement Procedure Location of Memory ModulesRemoving the Dimm from 2G4082-25 Figure B-3 NEM Removal and Dimm Connector Location Dimm Installing the DimmDram Simm Replacement Procedure Installing the Dram SimmRemoving the Dram Simm Figure B-7 Installing the Dram Simm Page Numerics IndexIndex-2
Related manuals
Manual 58 pages 25.55 Kb